Leak exposes Chinese hacker

I-Soon hackers compromised more than a dozen governments
(File Photo)
(File Photo)

A Shanghai-based tech security firm has been exposed as China’s hacker after data on its cyberattacks were leaked last week on the online software repository GitHub by an unknown person.

The leaked data from I-Soon contains hundreds of files showing chatlogs, presentations and lists of infiltration targets, namely foreign government servers, social media accounts and personal computers.

“The leak provides some of the most concrete details seen publicly to date, revealing the maturing nature of China’s cyber espionage ecosystem,” SentinelLabs analysts said Wednesday.

I-Soon hackers compromised more than a dozen governments, according to cybersecurity firms SentinelLabs and Malwarebytes.

“As demonstrated by the leaked documents, third-party contractors play a significant role in facilitating and executing many of China’s offensive operations in the cyber domain,” SentinelLabs analysts said.

It was able to breach government offices in India, Thailand, Vietnam and South Korea, among others, Malwarebytes said in a separate post on Wednesday.

It also breached “democracy organizations” in China’s semi-autonomous city of Hong Kong, universities and the North Atlantic Treaty Organization military alliance, SentinelLabs researchers wrote Wednesday.

Agence France-Presse found what appeared to be lists of Thai and United Kingdom government departments among the leaks, as well as screenshots of attempts to log into an individual’s Facebook account.

AFP was unable to immediately verify the leaked data.

Beijing has dismissed the claims as “groundless” and pointed to the United States’ own history of cyber espionage.

I-Soon’s website was not available Thursday morning, though an internet archive snapshot of the site from Tuesday says it has subsidiaries and offices in Beijing, Sichuan, Jiangsu and Zhejiang.

Analysts who examined the files said the company also offered potential clients the ability to break into accounts of individuals on social media platform X — monitoring their activity, reading their private messages, and sending posts.

Daily Tribune